Although the health care sector is one of the industries most targeted by cyber-attacks and data breaches, nearly 32 percent of hospitals and over half of non-acute providers – outpatient clinics, rehabilitation facilities, physicians’ offices, etc. – are not encrypting their data when transmitting it across networks, according to a new Healthcare Information and Management Systems Society (HIMSS) survey. Medical data at rest, that is, data sitting in a provider’s database, was said to be encrypted by only 61 percent of healthcare systems and hospitals and 48 percent of non-acute providers, leaving extremely confidential and valuable personally identifiable information (PII) vulnerable to cybercriminals. While cyber-attacks on the health care industry have reached an all-time high with no signs of slowing down, providers continue to lack adequate cybersecurity to protect their data. The healthcare sector could take some lessons from the financial industry, which ramped up its cybersecurity practices in the wake of some large-scale breaches.
What’s more, 22 percent of health care systems and hospitals are not using firewalls to protect against outside intruders. “With tens of thousands of malware variants being generated each day, this lack of defense may leave an organization wide open to compromise,” the report noted. “Without the use of a firewall… providers likely lack the ability to prevent or mitigate virus, malware and other forms of malicious or undesirable software.” While the technology to protect data within the healthcare sector is certainly out there, both acute and non-acute health care providers simply fail to invest the time, resources and energy needed to protect data that is constantly under threat from cybercriminals.